Well, I think the title is clear enough.
The biggest difference is that they do not have to be the same.
Generally speaking, HttpContext.Current.User
is the logon user (when it is called on a worker thread) while Thread.CurrentPrincipal
is the worker process identity.
On IIS 5.x, Thread.CurrentPrincipal
by default is ASPNET
. On IIS 6 and above, Thread.CurrentPrincipal
by default is Network Service
(or the application pool identity you change to).
To make it complex, if you enable ASP.NET impersonation, then both of them might be the same as the logon user.
Try to read some really good books on this topic and Microsoft MSDN articles,
http://msdn.microsoft.com/en-us/library/ms998351.aspx
Another suggestion is to use a debugger to attach to the worker process and check those at runtime. That can give you a better look.
Note that
HttpContext.Current.User
is not the best way to query logon user identity. You should stick toPage.User
for WebForms, andController.User
for MVC, andApiController.User
for Web API.
Another big difference is that your code doesn't always have access to the HttpContext. (For example if you have all of your BL in an assembly that may or may not be used from a web application) While they two user accounts can be different, if you use the Thread.CurrentPrincipal then your code will always be able to get at that user object no matter where you are in your code.
© 2022 - 2024 — McMap. All rights reserved.